KB5065790 Windows 11 23H2 Preview Fixes SIM PIN Sign‑in RDP IME and SMBv1

Microsoft has quietly released the optional preview update KB5065790 for Windows 11 version 23H2 (Build 22631.5984), a compact quality rollup that fixes a handful of high‑impact reliability issues — notably a SIM PIN sign‑in freeze, multi‑monitor Remote Desktop shutdowns, problematic Chinese IME rendering, and an SMBv1 NetBT connectivity regression introduced earlier in September.

Background / Overview​

Windows 11 version 23H2 shipped in October 2023 and is approaching the end of servicing for consumer editions. Microsoft’s lifecycle announcement confirms that Home and Pro editions of Windows 11 23H2 will reach end of updates on November 11, 2025; after that date, devices that remain on 23H2 will no longer receive security updates. Enterprise and Education SKUs follow a later schedule under extended servicing.
Against that calendar, KB5065790’s timing is notable: it is an optional “C” (preview/non‑security) release intended to resolve real user pain points before those fixes are rolled into the monthly security rollup. Microsoft distributed the patch to the Release Preview Channel and has published the short set of fixes in the Insider release notes for Build 22631.5982/5984.

---

What KB5065790 changes — the short list​

This update is narrow in scope and focused on reliability, not new features. The key fixes documented by Microsoft and corroborated by independent coverage include the following:

• Authentication: resolves a condition where the sign‑in screen would stop responding after a user entered the SIM PIN while signing in over a mobile broadband connection.
• COSA (Country and Operator Settings Asset): updates or refreshes mobile carrier profiles used for WWAN/eSIM provisioning.
• Display / Remote Desktop: fixes a critical issue where multi‑monitor Remote Desktop Protocol (RDP) sessions could trigger an unexpected shutdown when a dock or monitor was disconnected during active streaming.
• Input / IME: corrects Chinese Input Method Editor rendering problems where specific characters either did not render correctly or appeared as empty boxes in text fields (including some admin tools constrained by character limits).
• Printing UI: prevents the Settings > Printer queue view from crashing when inspecting the queue of a shared printer.
• System service metadata: fixes a cosmetic/administrative bug where the McpManagement service could appear without a proper description.

Independent reporting and specialist blogs also identify an important networking fix published in this preview: KB5065790 addresses the September 2025 regression that disrupted access to SMBv1 shares when NetBIOS over TCP/IP (NetBT) was in use — a problem that appeared after the September cumulative updates. That SMBv1/NetBT connectivity problem was confirmed in Microsoft service alerts and has been explicitly targeted in this preview release.

---

Why this matters now​

There are three practical reasons Windows 11 users and administrators should pay attention to KB5065790:

• Fixes target real blockers. Sign‑in freezes and abrupt shutdowns during remote sessions are high‑severity for affected users; resolving them reduces end‑user downtime and helpdesk load.
• It’s an optional preview: you can test before the wider monthly rollup. Optional “C” releases are a deliberate Microsoft pattern for validating fixes with broader telemetry before folding them into the Patch Tuesday cumulative. Administrators can use this window to validate in pilot rings and prepare for October’s monthly security rollup where the changes will be included for production use.
• Timing vs end of servicing: with 23H2 consumer servicing ending on November 11, 2025, organizations still on 23H2 must choose between applying this fix set now, or planning an upgrade to 24H2 (or later) to remain current and supported. Microsoft’s lifecycle communications are explicit on that deadline.

A number of outlets that covered KB5065790 positioned the update as a targeted reliability release that will help specific user cohorts — remote workers who rely on RDP, mobile broadband devices that use eSIMs, organizations with legacy SMBv1 equipment, and multilingual deployments that use Chinese IMEs.

---

How to get KB5065790: channels and direct downloads​

Because KB5065790 is an optional preview update, it will not be delivered automatically to devices that are not configured for Release Preview/optional updates. There are three primary ways to obtain the fix:

• Via Windows Update (Release Preview/Insider rings) when the device is enrolled in that channel.
• Through managed distribution: WSUS, Windows Update for Business, or Intune rings that permit optional preview releases. Test and stage via rings.
• Manual offline install by downloading the .msu package from the Microsoft Update Catalog and installing locally. Microsoft supports installation via the Windows Update Standalone Installer (WUSA) or DISM for offline servicing.

If Windows Update fails, the Microsoft Update Catalog is the fallback for administrators and power users — search for KB5065790 and pick the SKU (Home/Pro vs Enterprise/Education) and architecture (x64 vs ARM64) that matches the target device. Several community posts and reports emphasise verifying the correct package before applying, and verifying the file integrity after download.

---

Manual installation: step‑by‑step (recommended for power users and admins)​

• Confirm your Windows version and build: run winver and ensure you are on Windows 11 version 23H2 (build family 22631.x).
• Visit the Microsoft Update Catalog and search for KB5065790. Download the MSU that matches the device SKU and architecture.
• (Optional) Verify the file hash using PowerShell:
• Get-FileHash -Path C:\Path\To\windows11.0-kb5065790.msu -Algorithm SHA256
  Compare the value with a published hash if available.
• To install interactively double‑click the .msu file. To install silently from an elevated prompt:
• wusa.exe C:\Path\To\windows11.0-kb5065790.msu /quiet /norestart
  Use /norestart to avoid an immediate reboot, but remember to restart when ready. WUSA and its switches are documented by Microsoft.
• For image servicing or scripted deployment, use DISM:
• Dism /Online /Add-Package /PackagePath:C:\Path\To\windows11.0-kb5065790.msu
  DISM supports applying .msu packages to an online image and is recommended for managed or offline scenarios.
• Validate the install by checking the OS build in winver or by reviewing Setup/Windows Update event logs (WUSA writes entries to the Setup log).

---

Deployment guidance and risk assessment​

Even small optional fixes can surface regressions on certain hardware or driver stacks. Follow these rollout best practices:

• Pilot first. Stage KB5065790 in a pilot ring for 48–72 hours and monitor telemetry, event logs, app crashes, and user reports before broader deployment. Constrain the initial scope to devices that actually exhibit the fixed behaviors (for example, RDP docking devices if you’re targeting that fix).
• Check dependencies. Some manual .msu installations are combined SSU+LCU packages. Ensure required servicing stack updates are present and that you choose the correct SKU/architecture package. An MSU that doesn’t match will report “not applicable.”
• Back up and snapshot. For enterprise images and critical endpoints, take full image backups or at least create system restore points and known-good snapshots before applying manual packages.
• Watch drivers and docking firmware. The RDP/dock/display fixes interact with GPU drivers, docking station firmware, and vendor WWAN stacks — any of those layers might still cause instability after the OS fix. Coordinate driver and firmware updates with the fix if possible.

Risks to consider: optional preview updates by definition carry a small chance of introducing regressions in complex environments. Organizations that rely on legacy protocol stacks (notably SMBv1/NetBT) must plan remediation or mitigations; Microsoft has encouraged moving off SMBv1 where possible and provided interim workarounds (for example, allowing TCP port 445 to prefer TCP over NetBT). The SMBv1 fix in KB5065790 addresses only the 23H2 client scenario; Microsoft is expected to roll the fix to other affected versions on the next security cycle if necessary.

---

The SMBv1 NetBT regression — context and mitigation​

A high‑visibility problem in September’s servicing cycle caused SMBv1 shares reachable via NetBIOS over TCP/IP (NetBT) to become inaccessible after installing the mid‑September security updates. Microsoft documented that behavior in a service alert and indicated it was working on a fix. The preview release KB5065790 for 23H2 includes a correction for that NetBT/SMBv1 connectivity regression. Administrators still using devices that depend on SMBv1 should treat this as a stopgap: SMBv1 is deprecated and insecure, and migration to SMBv2/SMBv3 is the long‑term remediation. In the short term, allowing TCP 445 traffic is a suggested workaround that forces direct TCP SMB connections instead of NetBT.

---

Out‑of‑band update for 24H2 and the DRM playback issue​

Concurrent with the preview for 23H2, Microsoft issued an out‑of‑band update for Windows 11 version 24H2 that targeted urgent problems, including certain Office/App‑V environment issues. That OOB patch does not appear to cover some cross‑release regressions such as platform DRM playback issues that surfaced in this month’s updates; Microsoft’s health pages have shown a confirmed label for a DRM/EVR regression affecting some players. This means a small set of customers may still see playback failures until the DRM regression is specifically addressed in a subsequent security or OOB release. Independent coverage has documented these parallel updates and their different coverage scopes.

---

What’s not in KB5065790 (and what’s speculative)​

KB5065790 is explicitly a reliability rollup — there are no new consumer features in this preview release. Some outlets speculated that these smaller updates might accelerate migration to 24H2 because 23H2 is nearing EOL; that is a reasonable inference but not a technical claim Microsoft has confirmed. Treat claims that KB5065790 will “push” users to 24H2 as opinion or market dynamics commentary unless Microsoft announces a change to forced upgrades or new assisted rollout policy. The lifecycle end date and servicing policy remain the authoritative guides.

---

Quick checklist for decision makers​

• If your environment experiences any of the fixed behaviors (SIM PIN sign‑in freeze, RDP multi‑monitor shutdowns, Chinese IME rendering issues, shared‑printer Settings crash, or SMBv1/NetBT connectivity problems), evaluate KB5065790 in a pilot ring and schedule a controlled rollout.
• If you do not experience those issues and you plan to migrate to 24H2 before November 11, 2025, consider skipping the preview and ensure your upgrade path is tested and executable.
• For unmanaged Home/Pro fleets, prepare for the end of servicing deadline. Devices that remain on 23H2 after November 11, 2025, will not get security updates, so an upgrade plan is essential.

---

Final assessment — strengths and residual concerns​

KB5065790’s strengths are evident: Microsoft targeted a concise set of real‑world reliability problems and delivered fixes that will reduce immediate user impact in affected cohorts. The patch addresses both user‑visible issues and some administrative irritants (COSA profiles, service descriptions), and it patches the high‑profile SMBv1/NetBT connectivity regression that caused operational disruption for some networks.
However, residual concerns remain:

• Optional preview updates can still trigger regressions in diverse hardware configurations, especially when display drivers, docking firmware, or vendor WWAN stacks are involved. Conservative staging and monitoring are essential.
• The SMBv1 fix is a tactical mitigation — the strategic response is migration from SMBv1 to modern SMB versions and removal of NetBIOS‑based sharing where possible. Short‑term workarounds (e.g., enabling TCP 445) can leave networks in transient, less secure states.
• With 23H2 consumer servicing ending on November 11, 2025, the longer‑term decision is whether to remain on 23H2 and apply fixes selectively, or to accelerate upgrades to 24H2/25H2 to preserve security update eligibility. Each organization must weigh compatibility, application certification windows, and supportability.

---

Bottom line​

KB5065790 is a pragmatic, narrowly scoped preview update that fixes several impactful reliability regressions for Windows 11 23H2 users. For administrators and power users who are directly affected by the corrected behaviors, this patch is worth validating and, if successful in pilot testing, deploying broadly. For the majority of users who are either unaffected or planning to upgrade to a supported release before November 11, 2025, the update is optional and can be skipped until the next Patch Tuesday rollup that will incorporate these fixes.
If you choose to apply KB5065790 manually, follow Microsoft’s recommended processes for selecting the correct .msu from the Update Catalog, verify package integrity, use WUSA or DISM as appropriate, and stage the rollout to reduce operational risk.
Note: the lifecycle dates, Windows Insider release notes, and the SMBv1 repair are documented in Microsoft communications and independent reporting; any speculative commentary about market effects or forced migrations should be treated as opinion unless Microsoft modifies its public support policy.

---

---

Source: Windows Latest Windows 11 KB5065790 23H2 released, direct download links (.msu)